X509_check_purpose(x, -1, 0);
/* If cache is NULL, likely ENOMEM: return immediately */
- if ((cache = policy_cache_set(x)) == NULL)
+ if (policy_cache_set(x) == NULL)
return X509_PCY_TREE_INTERNAL;
}
* decremented for every non-self-issued certificate in the path, but may
* be further reduced by policy constraints in a non-leaf certificate.
*
- * The ultimate policy set is the interesection of all the policies along
+ * The ultimate policy set is the intersection of all the policies along
* the path, if we hit a certificate with an empty policy set, and explicit
* policy is required we're done.
*/
{
int init_ret;
int ret;
+ int calc_ret;
X509_POLICY_TREE *tree = NULL;
STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
}
/* Tree is not empty: continue */
- if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 ||
- !tree_calculate_user_set(tree, policy_oids, auth_nodes))
+
+ if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0)
goto error;
- if (ret == TREE_CALC_OK_DOFREE)
+ ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
+ if (calc_ret == TREE_CALC_OK_DOFREE)
sk_X509_POLICY_NODE_free(auth_nodes);
+ if (!ret)
+ goto error;
*ptree = tree;